Unlike the California Consumer Privacy Act (“CCPA”) and other state data privacy laws, there is no broad exemption for non-profits. Non-profits are exempt if they are “established to detect and prevent fraudulent acts in connection with insurance.” The MCPA does not include an entity-level exemption for companies that are covered entities or business associates under HIPAA. The data-level exemptions are consistent with most other state privacy laws. Specifically, the Minnesota Act exempts data regulated by HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Driver’s Privacy Protection Act, the Family Educational Rights and Privacy Act, the Farm Credit Act, the Minnesota Insurance Fair Information Reporting Act, and various other regulations. Enhanced Privacy Rights for Consumers The MCPA contains obligations for controllers that largely follow provisions in other comprehensive state privacy laws. Provisions similar to other state laws include recognition of universal opt-out mechanisms, required data protection assessments, exclusive attorney general enforcement, and a 30-day right to cure that sunsets in 2026. The MCPA provides consumers with the right to: • Confirm whether a controller is processing personal data about the consumer and to access the categories of personal data processed by the controller; • Correct inaccurate personal data concerning the consumer, taking into account the nature of the data and purposes of processing; • Delete the consumer’s personal data (subject to exceptions); • Obtain a copy of personal data that the consumer previously provided to the controller, where the data processing is conducted by automated means; and
82
Made with FlippingBook - Online Brochure Maker